Commit a065c8d5 authored by Lin Jen-Shin's avatar Lin Jen-Shin

Create a new issue via: incoming+group/project+AUTH_TOKEN@...

parent 634c9f40
......@@ -60,6 +60,7 @@ module Gitlab
def process_create_issue
validate_permission!(message_sender, message_project, :create_issue)
validate_authentication_token!(message_sender)
issue = Issues::CreateService.new(
message_project,
......@@ -85,6 +86,11 @@ module Gitlab
raise UserNotAuthorizedError unless author.can?(permission, project)
end
def validate_authentication_token!(author)
raise UserNotAuthorizedError unless author.authentication_token ==
authentication_token
end
# Find the first matched user in database from email From: section
# TODO: Since this address could be forged, we should have some kind of
# auth token attached somewhere to verify the identity better.
......@@ -97,7 +103,7 @@ module Gitlab
def message_project
@message_project ||=
Project.find_with_namespace(reply_key) if reply_key
Project.find_with_namespace(project_namespace) if reply_key
end
def process_reply(project)
......@@ -118,6 +124,14 @@ module Gitlab
key_from_to_header || key_from_additional_headers
end
def authentication_token
reply_key[/[^\+]+$/]
end
def project_namespace
reply_key[/^[^\+]+/]
end
def key_from_to_header
key = nil
message.to.each do |address|
......
......@@ -5,7 +5,7 @@ Received: by mail-ie0-f180.google.com with SMTP id f4so21977375iea.25 for <incom
Received: by 10.0.0.1 with HTTP; Thu, 13 Jun 2013 14:03:48 -0700
Date: Thu, 13 Jun 2013 17:03:48 -0400
From: Jake the Dog <jake@adventuretime.ooo>
To: incoming+gitlabhq/gitlabhq@appmail.adventuretime.ooo
To: incoming+gitlabhq/gitlabhq+auth_token@appmail.adventuretime.ooo
Message-ID: <CADkmRc+rNGAGGbV2iE5p918UVy4UyJqVcXRO2=otppgzduJSg@mail.gmail.com>
Subject: New Issue by email
Mime-Version: 1.0
......
......@@ -5,7 +5,7 @@ Received: by mail-ie0-f180.google.com with SMTP id f4so21977375iea.25 for <incom
Received: by 10.0.0.1 with HTTP; Thu, 13 Jun 2013 14:03:48 -0700
Date: Thu, 13 Jun 2013 17:03:48 -0400
From: Jake the Dog <jake@adventuretime.ooo>
To: incoming+gitlabhq/gitlabhq@appmail.adventuretime.ooo
To: incoming+gitlabhq/gitlabhq+auth_token@appmail.adventuretime.ooo
Message-ID: <CADkmRc+rNGAGGbV2iE5p918UVy4UyJqVcXRO2=otppgzduJSg@mail.gmail.com>
Subject: New Issue by email
Mime-Version: 1.0
......
Return-Path: <jake@adventuretime.ooo>
Received: from iceking.adventuretime.ooo ([unix socket]) by iceking (Cyrus v2.2.13-Debian-2.2.13-19+squeeze3) with LMTPA; Thu, 13 Jun 2013 17:03:50 -0400
Received: from mail-ie0-x234.google.com (mail-ie0-x234.google.com [IPv6:2607:f8b0:4001:c03::234]) by iceking.adventuretime.ooo (8.14.3/8.14.3/Debian-9.4) with ESMTP id r5DL3nFJ016967 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NOT) for <incoming+gitlabhq/gitlabhq@appmail.adventuretime.ooo>; Thu, 13 Jun 2013 17:03:50 -0400
Received: by mail-ie0-f180.google.com with SMTP id f4so21977375iea.25 for <incoming+gitlabhq/gitlabhq@appmail.adventuretime.ooo>; Thu, 13 Jun 2013 14:03:48 -0700
Received: by 10.0.0.1 with HTTP; Thu, 13 Jun 2013 14:03:48 -0700
Date: Thu, 13 Jun 2013 17:03:48 -0400
From: Jake the Dog <jake@adventuretime.ooo>
To: incoming+gitlabhq/gitlabhq+bad_token@appmail.adventuretime.ooo
Message-ID: <CADkmRc+rNGAGGbV2iE5p918UVy4UyJqVcXRO2=otppgzduJSg@mail.gmail.com>
Subject: New Issue by email
Mime-Version: 1.0
Content-Type: text/plain;
charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Sieve: CMU Sieve 2.2
X-Received: by 10.0.0.1 with SMTP id n7mr11234144ipb.85.1371157428600; Thu,
13 Jun 2013 14:03:48 -0700 (PDT)
X-Scanned-By: MIMEDefang 2.69 on IPv6:2001:470:1d:165::1
......@@ -171,7 +171,13 @@ describe Gitlab::Email::Receiver, lib: true do
end
let(:sent_notification) {}
let!(:user) { create(:user, email: 'jake@adventuretime.ooo') }
let!(:user) do
create(
:user,
email: 'jake@adventuretime.ooo',
authentication_token: 'auth_token'
)
end
let(:namespace) { create(:namespace, path: 'gitlabhq') }
let(:project) { create(:project, :public, namespace: namespace) }
let(:email_raw) { fixture_file('emails/valid_new_issue.eml') }
......@@ -215,6 +221,18 @@ describe Gitlab::Email::Receiver, lib: true do
expect { receiver.execute }.to raise_error(Gitlab::Email::Receiver::InvalidIssueError)
end
end
context "when the authentication_token token didn't match" do
let!(:email_raw) { fixture_file("emails/wrong_authentication_token.eml") }
before do
project
end
it "raises an UserNotAuthorizedError" do
expect { receiver.execute }.to raise_error(Gitlab::Email::Receiver::UserNotAuthorizedError)
end
end
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment